Extending server-based desktop virtual machine architecture to client machines

ABSTRACT

A server-based desktop-virtual machines architecture may be extended to a client machine. In one embodiment, a user desktop is remotely accessed from a client system. The remote desktop is generated by a first virtual machine running on a server system, which may comprise one or more server computers. During execution of the first virtual machine, writes to a corresponding virtual disk are directed to a delta disk file or redo log. A copy of the virtual disk is created on the client system. When a user decides to “check out” his or her desktop, the first virtual machine is terminated (if it is running) and a copy of the delta disk is created on the client system. Once the delta disk is present on the client system, a second virtual machine can be started on the client system using the virtual disk and delta disk to provide local access to the user&#39;s desktop at the client system. This allows the user to then access his or her desktop without being connected to a network.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.14/165,380 filed Jan. 27, 2014, now U.S. Pat. No. 9,444,883 issued Sep.13, 2016, which is a continuation of U.S. patent application Ser. No.12/390,819 filed Feb. 23, 2009, now U.S. Pat. No. 8,640,126 issued Jan.28, 2014, which claims benefit of U.S. Provisional Patent Application61/031,613,which was filed Feb. 26, 2008 and which is whollyincorporated herein by reference.

BACKGROUND OF THE INVENTION

The benefits of computer virtualization have been recognized as greatlyincreasing the computational efficiency and flexibility of a computinghardware platform. For example, computer virtualization allows multiplevirtual computing machines to run on a common computing hardwareplatform. Similar to a physical computing hardware platform, virtualcomputing machines include storage media, such as virtual hard disks,virtual processors, and other system components associated with acomputing environment. For example, a virtual hard disk can store theoperating system, data, and application files for a virtual machine.

Server-based computing allows a networked client system, remotelydisposed with respect to a server, to access computing resources on theserver. For example, a client can use a remote desktop protocol such asRDP or VNC to access a desktop remotely and transmit user input such askeyboard or mouse input to the remote system. Server-based computingfacilitates centralized management of computing resources. However, adrawback is a less than optimum computing experience. For example,graphic intensive applications and local devices, such as USB devices,printers and the like, may not operate as desired. Additionally, theuser must stay connected to the network to gain access to the user'sdesktop stored on the server.

As an alternative to server-based computing, client-side computingallows the user to be located away from an enterprise network and inoffline mode, i.e., not connected to a network or the Internet. From anenterprise management standpoint, however, client-side computing leadsto undesirable inefficiencies when it comes to such tasks as updatingoperating systems and applications, enforcing security, licensingcompliance, locking information, forcing adherence to various policies,and data backup.

SUMMARY

The challenges described above may be addressed by extendingserver-based desktop-virtual machine architecture to a client machine.In one embodiment, a user desktop is remotely accessed from a clientsystem. The remote desktop is generated by a first virtual machinerunning on a server system, which may comprise one or more servercomputers. During execution of the first virtual machine, writes to acorresponding virtual disk are directed to a delta disk file or redolog. A copy of the virtual disk is created on the client system. When auser decides to “check out” his or her desktop, the first virtualmachine is terminated (if it is running) and a copy of the delta disk iscreated on the client system. Once the delta disk is present on theclient system, a second virtual machine can be started on the clientsystem using the virtual disk and delta disk to provide local access tothe user's desktop at the client system. This allows the user to thenaccess his or her desktop without being connected to a network.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a simple exemplary virtual desktop infrastructure (VDI)system providing access to centrally-managed user desktops.

FIG. 2 shows a logical representation of an exemplary virtualizedcomputer system.

FIGS. 3A, 3B, 3C, and 3D show block diagrams illustrating by way ofexample operation of the virtual desktop infrastructure system of FIG.1.

FIG. 4 shows flowchart showing an exemplary procedure for connecting auser to a remote desktop with automatic background synchronization.

FIG. 5 shows flow chart representing by way of example a method forimplementing a desktop check-out procedure.

DETAILED DESCRIPTION

FIG. 1 shows a simple exemplary virtual desktop infrastructure (VDI)system 10 providing access to centrally-managed user desktops. The term,“desktop” refers to a human interface environment through which userscan launch, interact with, and manage the user's applications, settings,and data. Traditionally a desktop is presented by an operating system ona video display, and a user interacts with the desktop using a mouse andkeyboard. All applications, documents, etc. may be displayed on thedesktop and user input is typically received by applications visible tothe user on the display. The term “desktop” is also known to be used torefer to a physical computer system or “physical desktop” that might beplaced on or near a user's desk, which is distinct from a “laptop” or“palmtop,” but as used herein, the term “desktop” by itself will referexclusively to the human interface environment described above, and nota physical computer system. Using computer virtualization, a user'scomputer system, including operating system settings, applications andapplication settings, and data may be transferred or copied as a virtualmachine from one physical computer to another. When a virtual machine iscopied in this way, the user can access his or her “desktop” from thephysical computer system containing the original virtual machine, or thephysical computer system containing the copy. The “desktop” therefore isno longer tied to a particular physical computer system.

VDI system 10 includes VDI server system 11 in data communication overnetwork 13 with several VDI client systems 12, 14, and 16. Network 13may be any configuration, such as a local area network (LAN), or privateor publicly accessible wide area network, such as the Internet. Itshould be recognized that FIG. 1 shows a simplified representation of atypical VDI network server system 11, which may include other componentssuch as firewalls, connection brokers, and load balancers, as well asback-end storage networks, database servers, etc. Each client system 12,14, 16 may include a user interface 40 (only one shown) through which auser can interact with his or her desktop.

FIG. 2 shows a logical representation of an exemplary virtualizedcomputer system 20. As will be explained in more detail below, VDIserver system 11, and VDI client systems 12, 14, and 16, may includevirtualization software described here with reference to FIG. 2.Virtualized computer system 20 includes a physical hardware platform 22,virtualization software 80 running on hardware platform 22, and one ormore virtual machines 70 running on hardware platform 22 by way ofvirtualization software 80. Virtualization software 80 is thereforelogically interposed between the physical hardware of hardware platform22 and guest system software 72 running “in” virtual machine 70.

Hardware platform 22 may be a general purpose computing system havingone or more system buses 28 that place various hardware platformcomponents in data communication with one another. For example, one ormore processors 24 are placed in data communication with a memory 26using system bus(es) 28. Memory 26 may comprise a system of memoriesincluding read only memory (ROM), random access memory (RAM), cachememories, and various register memories. Non-volatile data storage 30may include one or more disk drives or other machine-readable media ormass data storage systems for storing software or data. Memory 26 and/ornon-volatile data storage 30 may store virtualization software 80 andguest system software 72 running in virtual machine 70. User interface40 may be provided including a keyboard controller (not shown), a mousecontroller (not shown), a video controller (not shown), and an audiocontroller (not shown), each of which may be connected to correspondinguser devices (not shown). As is typical for server computer systems, forVDI server system 11 (FIG. 1) user interfaces and devices may or may notbe included or connected to hardware platform 22. Instead, a userinteraction may occur remotely as generally known in the field of datacenter administration. Network interface 50 enables data communicationover a network such as network 13 (FIG. 1). Network interface 50 mayfacilitate communication using a network protocol, such as TCP/IP.

Virtualization software 80 is well known in the field of computervirtualization. Virtualization software 80 performs system resourcemanagement and virtual machine emulation. Virtual machine emulation maybe performed by a virtual machine monitor (VMM) component. In typicalimplementations, each virtual machine 70 (only one shown) has acorresponding VMM instance. Depending on implementation, virtualizationsoftware 80 may be unhosted or hosted. Unhosted virtualization softwaregenerally relies on a specialized virtualization kernel for managingsystem resources, whereas hosted virtualization software relies on acommodity operating system—the “host operating system”—such as Windowsor Linux to manage system resources. In a hosted virtualization system,the host operating system may be considered as part of virtualizationsoftware 80.

Virtual machine 70 conceptually comprises the state of virtual hardwaredevices (as emulated by virtualization software 80) and contents ofguest system software 72. As shown in FIG. 2, guest system software 72includes a guest operating system 74 and guest applications 78. Guestoperating system 74 may be a commodity operating system such as Windowsor GNU/Linux. Virtualization software 80 is responsible for managinginputs and outputs to and from virtual machine 70, including directinguser interface outputs to local user interface 40 or a remote desktopclient.

FIGS. 3A and 3B show a simplified block diagram depicting an extensibleVDI system 100 having both remote (or centralized) access to users'desktops and local access, allowing a single user to access his or herdesktop either remotely or locally. Extensible VDI system 100 includes aserver system 110 and client system 120. VM 118 executes on serversystem 110 and can be accessed by a user via client system 120. VM 118contains all the user's applications and data as described above withreference to FIG. 2, and is executed using virtualization software 117.In one embodiment, virtualization software 117 comprises non-hostedvirtualization software. In addition, although only one VM 118 is shownexecuting in server 110, any number of VMs may be executing, eachassociated with one or more corresponding users.

Virtualization software 117 directs user I/O to remote desktop host 115.Remote desktop host 115 transmits user's graphics and sounds to remotedesktop client 125. Likewise, remote desktop client 125 sends user'sinput, e.g., keyboard and mouse inputs, to remote desktop host 115.Remote desktop client 125 presents the user's desktop to to the user viauser interface 124, which may comprise various user I/O devices.

Client system 120 includes, in addition to remote desktop client 125, avirtual machine 128 along with virtualization software 127. Virtualmachine 128 can access virtual disk 132, which is a disk image residingas one or more files on physical disk 130 connected to client system120. Virtual disk 132 is maintained by virtualization software 127. Inone embodiment, virtualization software 127 comprises hostedvirtualization software, which runs in conjunction with the client'shost operating system as previously described. Virtual disk 132 can beinitially copied from virtual disk 142 (or vice versa) such that, in oneparticular state, virtual disks 132 and 142 are identical or logicallyequivalent but not identical. By logically equivalent, it is meant thateach virtual disk contains the same file system and data files, whichare logically related in identical file system structures, although theactual disk sectors may not be ordered the same. Two identical disks arealso logically equivalent.

Server system 110 includes or is in communication with a physical disk140 accessible to server system 110. Physical disk 40, which is used byvirtualization software 117 to store user virtual disks, are disk imagefiles for corresponding virtual machines. As the user works on VM 118,it may issue writes to virtual disk 142, which resides as one or morefiles on physical disk 140. However, rather than writing the changesdirectly to virtual disk 142, virtualization software 117 may beconfigured to redirect writes to delta disk 144. Delta disk 144 maycomprise a redo log or other “differences” file. In essence, delta disk144 maintains a list of modifications to virtual disk 142 withoutactually making any changes to virtual disk 142. Delta disks are knownin the art of virtualization and are described in more detail in, e.g.,U.S. Pat. No. 7,356,679. When virtual machine 118 issues a read,virtualization software 117 accesses delta disk 144 to determine if thedata is there, and if not, it accesses virtual disk 142, the parent diskimage for delta disk 144. Virtualization software 117 then delivers thedata to virtual machine 118 as though a simple disk read of a physicaldevice took place.

When a user might decide to “check out” his virtual machine, so that itcan be accessed off line, i.e., without accessing server system 110, heor she may indicate this desire to management software (not shown,described in more detail below). At this time, virtual machine 118 is“powered off” and delta disk 144 is copied to the user's physical disk130 to create delta disk 134 on the user's physical disk 130. Once thisdownload is complete and verified, the writes forming delta disk 144 aremerged into virtual disk 142 and the delta disk 134 is similarly mergedinto virtual disk 132 so that virtual disk 132 and virtual disk 142 aremaintained in a logically equivalent state but now are updated toreflect the most current state left by the user.

In one embodiment, rather than powering off virtual machine 118, theuser may simply suspend, in which case the VM state 136 is alsodownloaded from virtualization software 117, which maintains the stateof virtual machine 118.

FIG. 3B shows extensible VDI system 100 wherein the user is accessinghis or her desktop offline by locally running virtual machine 128. Inthis case, virtualization software 127 runs virtual machine 128 onclient system 120 while remote desktop client 125 is not used.Therefore, the user may be disconnected from any network and workoffline. Virtualization software 127 does not directly modify virtualdisk 132. Rather, it creates a delta disk 134 which contains all thechanges the user issued to virtual disk 132 as described previously withrespect to delta disk 144 in FIG. 3A.

At some point, the user may desire or be required to “check in” his orher desktop to server system 110. At this time, virtual machine 128 is“powered down” and virtualization software 127 connects to server 110and copies delta disk 134 to server's data storage 140 to create deltadisk 144. In one embodiment, the virtual machine may be suspended ratherthan powered down, and VM state 146 is uploaded to server system 10.After copying delta disk 134 or the delta disk 134 plus state 146, thedelta disks 134, 144 are merged into virtual disks 132, 142,respectively. By “merged” it is meant that the disk writes contained ineach of the delta disks are written to the virtual disk files 132, 142,respectively. After this check-in procedure, each of the virtual disks132, 142 are identical or at least logically equivalent so that the usermay begin computing using virtual machine 118 where he or she left offwith virtual machine 128.

As will now be described in greater detail, various enhancements andoptimizations can be made to the basic operation of the check-in,check-out functionality described above.

FIG. 3C shows a more detailed view of extensible VDI system 100. Auser's desktop is defined by the one or more files 141 residing onphysical disk 140 connected to server system 110. Files 141 includefiles for policies 149, virtual disk, 142, delta disk 144, and VM state146. Policies may be stored using a database and/or by a configurationfile associated or embedded as meta data in virtual disk 142. Additionaldesktop files 148 may be provided to define additional desktopsaccessible by a corresponding user or groups of users.

As shown in FIG. 3C, client system 120 includes a VDI client 122 whichcommunicates with management server 112 on server system 110. Managementserver 112 authenticates the user of client 120, processes requests foraccess to user desktops, and enforces policies 149. Policies 149 maydefine to whom and under what circumstances a particular desktop may bemade available. For instance, policies 149 may be particular to the usermaking the request, although global policies, policies based on user'slocation, or group, or services requested, may also be in place.

In one embodiment, management server 112 is a server applicationinstalled on a separate physical computer system that communicates overnetwork 13 to client system 120 and other components of server system110, which, as explained above, may comprise multiple server machines.In the present example, when a user interacts with VDI client 125 onclient system 120, a request is sent via network 13 to server 110 for adesktop associated with the user. As described above, server system 110may include a plurality of VMs (only one shown) each corresponding toone or more users management server 112 receives the user's request,authenticates the user and/or the request, starts or resumes VM 118 asnecessary, and connects VDI client 125 with remote desktop server 115.

VDI client 122 includes a presentation layer 124 that provides agraphical user interface allowing the user to interact with VDI client122 and therefore, server system 110. In one embodiment, VDI client 122executes within or in conjunction with an Internet browser.

At some point, the user may wish to “check-in” or “check-out” his or herdesktop as described above with reference to FIGS. 3A and 3B. In thiscase, the virtual disk or delta disk is copied either from client system120 to server system 110 or vice versa (depending on whether the user is“checking-in” or “checking-out” the desktop). If the user is checkingout the desktop to a computer that does not have a local copy of thevirtual disk, then delta disk 144 may be merged with virtual disk 142 onserver system 110 and the entire virtual disk copied to the user's localclient system 120. Because the virtual disk can be quite large, thisinitial check-out may be very time consuming due to the large quantityof data and potentially limited bandwidth. Even delta disks transmittedduring subsequent check-in and check-out procedures can become quitelarge depending on user activity, e.g., a new application may beinstalled or an existing application or operating system component maybe extensively upgraded or patched.

In one embodiment, the required time for checking-in and checking-outuser desktops may be reduced by transmitting data between client system120 and server system 110 in the background, i.e., while a user isinteracting with a virtual machine but without interfering with useractivity or the operation of the virtual machine. This may be referredto as background synchronization or background data transfer. Backgrounddata transfer may occur automatically in response to a user of clientsystem 120 simply being granted access to VM 118. In this manner, anaccurate and updated representation of virtual disk 142 may betransferred to and from client system 120 without noticeably detractingfrom a user's computing experience. When a user begins working remotelyfrom a new client system 110, virtual disk 142 may be transferred in thebackground until a complete copy of is made available as virtual disk132 on client system 120. Thereafter, changes to virtual disk 142 aretransmitted in the background to client system 120 to begin buildingdelta disk 132. When a user decides to check-out his or her desktop, atleast a majority of the changes to virtual disk 142 will already havebeen transferred to client system 120. Likewise, when a user decides tocheck-in his or her desktop, at least a majority of the changes tovirtual disk 132 will already have been transferred to server system110.

When a user decides to log off of their session with their desktop, anyremaining differences between delta disk 144 and delta disk 134 areresolved by transferring final changes. After completion ofcommunication between client system 120 and server system 110, changesrepresented in delta disk 144 may be written to virtual disk 142. In oneembodiment, this would occur after operation of VM 118 is terminated toensure a steady state of VM 118 while updating virtual disk 142.Termination of operation of VM 118 may include powering down VM 118, orsuspending operation of VM 118. Powering down a VM typically involvesexecuting a power-down procedure of the guest operating system runningin the VM. In this procedure, processes are ended and any transient orcached data currently residing in memory is written to disk. Little orno state information is present when a VM is powered down, whereas asuspend operation involves stopping execution and preserving the stateof the virtual machine by writing to VM state file 146.

Once delta disk 144 is merged with virtual disk 142, delta disk 144 maybe erased, marked for deletion, or otherwise identified as no longerbeing valid. Making virtual disk 132 consistent with virtual disk 142and any changes made to either virtual disk is referred to assynchronization. The user's virtual machines may be synchronized in thisway after local execution of VM 128 has terminated in the same manner asdescribed above with reference to terminating operation of virtualmachine 118 described above.

Management server 112 may establish or enforce a policy that precludesthe operation of virtual machine 118 until it could be ascertained thatthere are no virtual machines 128 corresponding to virtual machine 118that are not synchronized with virtual machine 118. That is, if the userhas interacted off-line with his or her desktop, thereby causing thecreation of a delta disk 134, then the management server 112 may preventuse of VM 118 until the changes represented by delta disk 134 aretransmitted to server system 110 and merged with virtual disk 142.

Maintaining synchronization of the information corresponding to theuser's desktop may include implementing policy management over theuser's desktop. Examples of policies 149 include information as towhether or under what conditions may a copy of the user's desktop may betransferred to a client system 120, how long the desktop may bechecked-out before being checked back in to server system 110,restrictions on the use of virtual machine 128/118, and the like.Virtualization software 127 and/or VDI client 122 may be configured toenforce established policies, e.g., using encryption to preventunauthorized access to data stored on virtual disk 132, and associateddelta disks.

In one embodiment, when a user starts VDI client 122, he or she may bepresented with a log-in screen requesting authentication information.VDI client then communicates the authentication information to serversystem 110, e.g., to remote desktop server 112. Remote desktop server115 validates the user's authentication and sends a request tomanagement server 112 for an existing desktop corresponding to theuser's authentication information. Management server 112 receives therequest from remote desktop server 115 and compares the provided useridentifier with mapping table 114, which associates the user identifierwith one or more virtual machines on server system 110. Upon identifyingthe virtual machine(s) associated with the user identifier, Managementserver 112 provides connection information or otherwise facilitatesconnection between VDI client 110 and remote desktop server 115 forremote user access to the corresponding desktop.

In another embodiment, a user request transmitted to server system 110may include local desktop status information. Local status informationmay also be provided separately from the request in response to a queryfrom remote desktop server 115. Local status information may includeinformation that help identify differences between the state of theuser's local client system 120 and server system 110. For example, localstatus information may include whether or not the user has accessed hisor her desktop offline, causing the creation of delta disk 134. If adelta disk 134 is present, then management server 112 would commencetransmission of the difference in the background prior to permittingaccess to virtual machine 118. If the transmission time is projected tobe lengthy, then the user may be immediately connected to local VM 128during background synchronization. If there is no delta disk 134, but adelta disk 144 is present, then connection to VM 118 may be permittedwith concomitant automatic background synchronization.

In one embodiment, background data transfer may occur in response to aperiodic query that automatically occurs while client system 120 isaccessing server system 110. In another embodiment, background datatransfer may occur only upon a request by the user of client system 120.For example, the user may request that the local client system 110 besynchronized with server system 110 in contemplation of going off line.For users that rarely go offline, use of this feature may significantlyreduce the load on network resources. Policies 149 may require, allow(i.e., let the user decide), or prevent continuous, periodic, oruser-initiated synchronization.

In an embodiment represented by way of example in FIG. 3D, user data andsystem data are maintained in separate virtual drives. In thisembodiment, the amount of data that to be transferred may be furtherreduced by writing only user data to delta user data disk 135 or 145(depending on whether the user is accessing his or her desktop locallyor remotely). For example, information for a user's desktop on serversystem 110 may be classified as system information stored in system disk152, which may exist as a disk image file on physical disk 150, and userdata may be stored in virtual user data disk (UDD) 143. Likewise changesto these two disks may be stored in two separate delta disks: deltasystem disk 144 and delta UDD disk 145.

In one embodiment, system information includes application information78 and guest system software 72 (FIG. 2) whereas user data includesdocuments, settings, user-specific properties, etc. Most operatingsystems such as Windows, OSX®, and Gnu-Linux include a facility formaintaining system and user data on separate disks. By usingvirtualization to produce separate delta images for both system data anduser data, management server 112 may be configured to limit transfer ofdata to only user information stored on virtual UDD 143. In this case,any changes made to the system (and therefore written to delta systemdisk 144) will be discarded and system disk 152 will therefore revertback to a known good state with each check-in or check-out of the user'sdesktop, since that information is not transferred. Furthermore, theamount of information that is transferred between client system 112 andserver system 110 may be reduced to only user data.

In one embodiment, changes to system disk 152, maintained on a separatedelta system disk 144 during operation of the virtual machine, may besubject to whatever policies are in place for that user. I.e., they maybe discarded or merged back into the virtual disk containing systemdata, the operating system, and applications. If delta system disk 144is discarded, then system disk 152 may be considered a “persistentsystem disk” in that it persists in a known good state despite whateverchanges the user makes to the system during any particular user session.

Modifications to system disk may be packaged in patch file 154, e.g.,when the operating system or applications are updated or a new releaseis issued by the manufacturer. These changes may be applied to systemdisk 152 by creating patch file 154 which defines differences between acurrent system disk and an updated system disk. The patch file may beapplied to system disk 152 to created a patched system disk, and alsotransmitted to client system 120, for efficient patching of system disk132 on the client system.

In another embodiment that can coexist with other embodiments describedherein, file system information is analyzed to identify sectors that areassociated with deleted files. These sectors are then omitted whentransferring the delta disk image to further reduce the amount of databeing transferred. The analysis and omission can occur at the time ofthe transfer of the delta disk, or can be performed as a separate stepwherein the delta disk is pre-processed prior to transmission. In thiscase, copies of the virtual disk may not be identical, but arenevertheless logically equivalent.

FIG. 4 shows flowchart 200 showing an exemplary procedure for connectinga user to a remote desktop with automatic background synchronization.The procedure begins as indicated by start block 202 and flows tooperation 204 wherein a request is received by server system 120 (FIGS.3A-3D) to access a desktop corresponding to authentication informationof the user of client system 120. In response to receiving this request,the procedure flows to operation 206, wherein server system 110validates user authentication. If the authentication is invalid, thenthe procedure flows to operation 208 wherein access is refused and theprocedure ends. If authentication is valid, then the procedure flows tooperation 210, wherein the user is connected to a desktop correspondingto the user identifier. After connecting the user to his or her desktopon the virtual machine executing on the server system, the procedureflows to operation 212, wherein server system 110 determines whetherclient system 120 has a correct copy of the virtual disk correspondingto the user's desktop. If not, then the procedure flows to operation214, wherein virtual disk 142 is transmitted to client system 120 in thebackground, i.e., while user is accessing and interacting with thevirtual machine 118 on the server system. This operation continues untilclient system 120 has been provided with a complete correct copy of thevirtual disk for the corresponding desktop.

If, in operation 212, it is determined that the client system has acorrect copy of the virtual disk, then the procedure flows to operation216. As mentioned previously, during user interaction with the virtualmachine on the server system, changes to the virtual disk are written toa delta disk. In operation 216, server system 110 determines whether theclient system has an up-to-date copy of the delta disk image. If not,then the procedure flows to operation 218 wherein the delta disk on theserver system is copied to the user's client system. This procedureoccurs as long as the user is interacting with the virtual machine andtherefore generating changes to the virtual disk. At some point, theuser may log off, power down or suspend the virtual machine executing onthe server system, at which point any remaining changes are copied tothe client system. Then the procedure ends as indicated by done block220.

In one embodiment, background synchronization may be initiated at anytime during a communication session between client system 120 and serversystem 110. The background synchronization may occur automatically(e.g., according to a policy set by an administrator) or at userrequest.

For example, the request or policy may specify that the user's clientsystem be updated periodically. In this case, server system 110determines whether a specified amount of time has elapsed since the mostrecent update. Rather than a strict time measurement, other means ofidentifying an update time may of course be implemented, e.g., a clockcan measure amount of time passed, or the system may wait until the useris idle, i.e., has not interacted with the system for some time. If theclient system is not up to date, and depending on the current state ofvirtual disks in server system 110, i.e., whether a delta disk 144(FIGS. 3A-3D) is present, system 110, in coordination with client system120, begins transmitting the virtual disk 142 and/or delta disk 144containing modifications to virtual disk 142.

In one embodiment, new changes to delta disk 144 are appended to deltadisk 144 as VM 118 is executing, and transmitted periodically to usersystem 120. Server system 110 keeps track of how much of the delta diskhas been transferred to client system 120, so that only the appendedportion is transmitted at each update interval.

In another embodiment, the current delta disk is closed and a new deltadisk is created at each update interval. The current delta disk, whichcontains modifications to information contained in previous delta disksis transmitted while new changes are written to the new delta disk. Inthis manner, a series of chained snapshots are be created andtransmitted to client system 120, which can then reassemble or mergethem into a single delta disk or directly into the virtual disk. In oneembodiment, each delta disk is scanned and/or cleaned of malware such asviruses prior to transmission to client system 110. The scanning may beperformed in the background in an unobtrusive manner.

FIG. 5 shows flow chart 250 representing by way of example a method forimplementing a desktop check-out procedure. The procedure begins atstart block 252 and proceeds to operation 254 wherein the server systemauthenticates a user that requests access. Depending on theimplementation, the user may or may not be immediately connected to hisor her remote desktop at this time. The procedure then flows tooperation 256 wherein the server system receives a request by the userto check out the desktop. The procedure then flows to operation 258wherein the server system determines whether the policy and userpermissions allow check-out of the user's desktop to the user. If not,the procedure flows to operation 260 wherein a message is transmitted tothe client system indicating that he or she does not have privileges tocheckout his or her desktop a the present time. The procedure then endsas indicated by done block 274.

If, in operation 258, it is determined that the user indeed haspermission to checkout the desktop, then the procedure flows tooperation 262 to determine whether the user's desktop is already checkedout e.g., to a different client system, and as not since been checkedback in. User desktop status may be maintained in, e.g., a user databaseor in a status field, meta data field, or sub-section in or of the filecontaining the virtual disk image. If the user's desktop is currentlychecked-out, then the procedure flows to operation 260 and server system120 transmits a check-out access denied message to client system 12.This ensures that only one copy of the user's desktop may be checked-outat a time. In one embodiment, the user is prevented from remotelyaccessing his or her desktop when the desktop is in a “checked-out”state, which would result in “branching” of the virtual machines andloss of synchronization. If it is determined in operation 262 that thedesktop is not already currently checked out, then the procedure flowsto operation 264 wherein if running, the user's virtual machine isterminated. Terminating the virtual machine may include powering it downor suspending the virtual machine and saving the state to disk.

The procedure then flows to operation 266 wherein the client system isqueried to determine whether it has a current copy of the system diskand any delta disks that may be present on the server system. If not,then the procedure flows to operation 268 wherein the virtual disk anddelta images are copied or updated as needed, and then the procedureflows to operation 270. If, in operation 266, it is determined that theclient system already had current copies of the virtual disk and anydelta disks, then the procedure flows directly to operation 270.

In operation 270, the user or meta data is updated to reflect the now“checked out” status of the user's desktop. The procedure the flows tooperation 272 wherein the user is permitted to access his or her desktopby running the local virtual machine on the local client system. Theprocedure then ends as indicated by done block 274.

In one embodiment, a user may be permitted to access his or her desktopremotely even though it is checked out to a client system. Although thedesktop may be in a checked-out state this does not preclude a user ofclient system 120 from utilizing resources of server system 110 toremotely access his or her desktop. For example, the client system 120may experience a system failure such as a hard drive malfunction or beinfected by a virus/malware. In this case, the user may choose todiscard the local virtual machine access the corresponding virtualmachine on server system 110 despite not having checked-in the desktopto the server system. Alternatively, the user may be permitted to accessthe desktop on the server system with the understanding that any changesmade to the server system will be lost. For example, if a user is unableto access their client system, i.e., they are away from their computerbut need access to their desktop, e.g., to read a file or access emailor a corporate intranet site, they would still be able to access theirdesktop remotely, albeit an out-of-date version, and without anypersistence of newly-saved data.

In another enhancement, the system may automatically, or upon userrequest, perform a virus/malware scan on the information contained ondata storage 140, i.e., delta disks 144 or 145 (FIGS. 3A-3D). Theresults of the virus/malware scan may be logged on the system and/orprovided to client system 120 or stored in a results file (not shown).Similarly, a user of client system 120 may use server system 110 toperform a virus/malware scan of local delta disk 134 by producing a copyof the local delta disk on data storage 140. After the virus/malwarescan has completed, the copy of the local delta disk may be deleted, ormerged into virtual disk 142.

The various embodiments described herein may employ variouscomputer-implemented operations involving data stored in computersystems. For example, these operations may require physical manipulationof physical quantities—usually, though not necessarily, these quantitiesmay take the form of electrical or magnetic signals, where they orrepresentations of them are capable of being stored, transferred,combined, compared, or otherwise manipulated. Further, suchmanipulations are often referred to in terms, such as producing,identifying, determining, or comparing. Any operations described hereinthat form part of one or more embodiments of the invention may be usefulmachine operations. In addition, one or more embodiments of theinvention also relate to a device or an apparatus for performing theseoperations. The apparatus may be specially constructed for specificrequired purposes, or it may be a general purpose computer selectivelyactivated or configured by a computer program stored in the computer. Inparticular, various general purpose machines may be used with computerprograms written in accordance with the teachings herein, or it may bemore convenient to construct a more specialized apparatus to perform therequired operations.

The various embodiments described herein may be practiced with othercomputer system configurations including hand-held devices,microprocessor systems, microprocessor-based or programmable consumerelectronics, minicomputers, mainframe computers, and the like.

One or more embodiments of the present invention may be implemented asone or more computer programs or as one or more computer program modulesembodied in one or more computer readable media. The term computerreadable medium refers to any data storage system that can store datawhich can thereafter be input to a computer system—computer readablemedia may be based on any existing or subsequently developed technologyfor embodying computer programs in a manner that enables them to be readby a computer. Examples of a computer readable medium include a harddrive, network attached storage (NAS), read-only memory, random-accessmemory (e.g., a flash memory device), a CD (Compact Discs)—CD-ROM, aCD-R, or a CD-RW, a DVD (Digital Versatile Disc), a magnetic tape, andother optical and non-optical data storage systems. The computerreadable medium can also be distributed over a network coupled computersystem so that the computer readable code is stored and executed in adistributed fashion.

Although one or more embodiments of the present invention have beendescribed in some detail for clarity of understanding, it will beapparent that certain changes and modifications may be made within thescope of the claims. Accordingly, the described embodiments are to beconsidered as illustrative and not restrictive, and the scope of theclaims is not to be limited to details given herein, but may be modifiedwithin the scope and equivalents of the claims. In the claims, elementsand/or steps do not imply any particular order of operation, unlessexplicitly stated in the claims.

In addition, while described virtualization methods have generallyassumed that virtual machines present interfaces consistent with aparticular hardware system, persons of ordinary skill in the art willrecognize that the methods described may be used in conjunction withvirtualizations that do not correspond directly to any particularhardware system. Virtualization systems in accordance with the variousembodiments, implemented as hosted embodiments, non-hosted embodimentsor as embodiments that tend to blur distinctions between the two, areall envisioned. Furthermore, various virtualization operations may bewholly or partially implemented in hardware. For example, a hardwareimplementation may employ a look-up table for modification of storageaccess requests to secure non-disk data.

Many variations, modifications, additions, and improvements arepossible, regardless the degree of virtualization. The virtualizationsoftware can therefore include components of a host, console, or guestoperating system that performs virtualization functions. Pluralinstances may be provided for components, operations or structuresdescribed herein as a single instance. Finally, boundaries betweenvarious components, operations and data stores are somewhat arbitrary,and particular operations are illustrated in the context of specificillustrative configurations. Other allocations of functionality areenvisioned and may fall within the scope of the invention(s). Ingeneral, structures and functionality presented as separate componentsin exemplary configurations may be implemented as a combined structureor component. Similarly, structures and functionality presented as asingle component may be implemented as separate components. These andother variations, modifications, additions, and improvements may fallwithin the scope of the appended claims(s).

What is claimed is:
 1. A method comprising: receiving, by a serversystem from a client system, a request to access a desktop correspondingto a user of the client system, wherein the desktop is provided by aserver-side virtual machine (VM) running on the server system, whereinthe server system directs disk read requests from the server-side VM forsystem data to a server-side system virtual disk, wherein the serversystem directs disk read requests from the server-side VM for user datato a server-side user virtual disk, wherein the server system directsdisk write requests from the server-side VM for system data to aserver-side delta system virtual disk, and wherein the server systemdirects disk write requests from the server-side VM for user data to aserver-side delta user virtual disk; enabling, by the server system, theuser to remotely access the desktop by connecting the client system withthe server-side VM; while the user is remotely accessing the desktop,synchronizing, by the server system, the server-side delta user virtualdisk with a client-side delta user virtual disk residing on the clientsystem; and upon receiving a desktop check-out request from the clientsystem: suspending or powering-off the server-side VM; and merging theserver-side delta user virtual disk into the server-side user virtualdisk.
 2. The method of claim 1 further comprising, upon receiving thedesktop check-out request: merging the server-side delta system virtualdisk into the server-side system virtual disk.
 3. The method of claim 1further comprising, upon receiving the desktop check-out request:discarding the server-side delta system virtual disk without merging itscontents into the server-side system virtual disk.
 4. The method ofclaim 1 wherein the system data comprises data pertaining to guestoperating system (OS) and application software running in theserver-side VM.
 5. The method of claim 1 wherein the user data comprisesuser-specific documents and settings within the desktop.
 6. The methodof claim 1 wherein, subsequently to the suspending or powering-off ofthe server-side VM, the client system is configured to: merge theclient-side delta user virtual disk into a client-side user virtualdisk; create a new client-side delta user virtual disk; and power-on aclient-side VM for providing the desktop to the user, wherein the clientsystem directs disk read requests from the client-side VM for systemdata to a client-side system virtual disk, wherein the client systemdirects disk read requests from the client-side VM for user data to theclient-side user virtual disk, wherein the client system directs diskwrite requests from the client-side VM for system data to a client-sidedelta system virtual disk, and wherein the client system directs diskwrite requests from the client-side VM for user data to the newclient-side delta user virtual disk.
 7. The method of claim 1 whereinthe synchronizing comprises: transferring contents of the server-sidedelta user virtual disk to the client system without transferringcontents of the server-side delta system virtual disk.
 8. Anon-transitory computer readable medium having stored thereon softwareexecutable by a server system, the software embodying a methodcomprising: receiving, from a client system, a request to access adesktop corresponding to a user of the client system, wherein thedesktop is provided by a server-side virtual machine (VM) running on theserver system, wherein the server system directs disk read requests fromthe server-side VM for system data to a server-side system virtual disk,wherein the server system directs disk read requests from theserver-side VM for user data to a server-side user virtual disk, whereinthe server system directs disk write requests from the server-side VMfor system data to a server-side delta system virtual disk, and whereinthe server system directs disk write requests from the server-side VMfor user data to a server-side delta user virtual disk; enabling theuser to remotely access the desktop by connecting the client system withthe server-side VM; while the user is remotely accessing the desktop,synchronizing the server-side delta user virtual disk with a client-sidedelta user virtual disk residing on the client system; and uponreceiving a desktop check-out request from the client system: suspendingor powering-off the server-side VM; and merging the server-side deltauser virtual disk into the server-side user virtual disk.
 9. Thenon-transitory computer readable medium of claim 8 wherein the methodfurther comprises, upon receiving the desktop check-out request: mergingthe server-side delta system virtual disk into the server-side systemvirtual disk.
 10. The non-transitory computer readable medium of claim 8wherein the method further comprises, upon receiving the desktopcheck-out request: discarding the server-side delta system virtual diskwithout merging its contents into the server-side system virtual disk.11. The non-transitory computer readable medium of claim 8 wherein thesystem data comprises data pertaining to guest operating system (OS) andapplication software running in the server-side VM.
 12. Thenon-transitory computer readable medium of claim 8 wherein the user datacomprises user-specific documents and settings within the desktop. 13.The non-transitory computer readable medium of claim 8 wherein,subsequently to the suspending or powering-off of the server-side VM,the client system is configured to: merge the client-side delta uservirtual disk into a client-side user virtual disk; create a newclient-side delta user virtual disk; and power-on a client-side VM forproviding the desktop to the user, wherein the client system directsdisk read requests from the client-side VM for system data to aclient-side system virtual disk, wherein the client system directs diskread requests from the client-side VM for user data to the client-sideuser virtual disk, wherein the client system directs disk write requestsfrom the client-side VM for system data to a client-side delta systemvirtual disk, and wherein the client system directs disk write requestsfrom the client-side VM for user data to the new client-side delta uservirtual disk.
 14. The non-transitory computer readable medium of claim 8wherein the synchronizing comprises: transferring contents of theserver-side delta user virtual disk to the client system withouttransferring contents of the server-side delta system virtual disk. 15.A server system comprising: a processor; a storage component; and amemory having stored thereon program code that, when executed by theprocessor, cause the processor to: receive, from a client system, arequest to access a desktop corresponding to a user of the clientsystem, wherein the desktop is provided by a server-side virtual machine(VM) running on the server system, wherein the server system directsdisk read requests from the server-side VM for system data to aserver-side system virtual disk, wherein the server system directs diskread requests from the server-side VM for user data to a server-sideuser virtual disk, wherein the server system directs disk write requestsfrom the server-side VM for system data to a server-side delta systemvirtual disk, and wherein the server system directs disk write requestsfrom the server-side VM for user data to a server-side delta uservirtual disk; enable the user to remotely access the desktop byconnecting the client system with the server-side VM; while the user isremotely accessing the desktop, synchronize the server-side delta uservirtual disk with a client-side delta user virtual disk residing on theclient system; and upon receiving a desktop check-out request from theclient system: suspend or powering-off the server-side VM; and merge theserver-side delta user virtual disk into the server-side user virtualdisk.
 16. The server system of claim 15 wherein the program code furthercauses the processor to, upon receiving the desktop check-out request:merge the server-side delta system virtual disk into the server-sidesystem virtual disk.
 17. The server system of claim 15 wherein theprogram code further causes the processor to, upon receiving the desktopcheck-out request: discard the server-side delta system virtual diskwithout merging its contents into the server-side system virtual disk.18. The server system of claim 15 wherein the system data comprises datapertaining to guest operating system (OS) and application softwarerunning in the server-side VM.
 19. The server system of claim 15 whereinthe user data comprises user-specific documents and settings within thedesktop.
 20. The server system of claim 15 wherein, subsequently to thesuspending or powering-off of the server-side VM, the client system isconfigured to: merge the client-side delta user virtual disk into aclient-side user virtual disk; create a new client-side delta uservirtual disk; and power-on a client-side VM for providing the desktop tothe user, wherein the client system directs disk read requests from theclient-side VM for system data to a client-side system virtual disk,wherein the client system directs disk read requests from theclient-side VM for user data to the client-side user virtual disk,wherein the client system directs disk write requests from theclient-side VM for system data to a client-side delta system virtualdisk, and wherein the client system directs disk write requests from theclient-side VM for user data to the new client-side delta user virtualdisk.
 21. The server system of claim 15 wherein the program code thatcauses the processor to synchronize the server-side delta user virtualdisk with the client-side delta user virtual disk comprises program codethat causes the processor to: transfer contents of the server-side deltauser virtual disk to the client system without transferring contents ofthe server-side delta system virtual disk.